Mobile devices offer a great deal of functionality that allows the device to be used for both corporate and personal use. For example users may wish to use the device for personal applications such as games, really simple syndication (RSS) reading, web browsing, media playing, VOIP communication and general leisure. However corporations may want a device to be used for a subset of functionality required for a user to complete their job.
When a mobile device is issued by a corporation to an employee the corporation may choose to limit certain functionality on the device in order, for example, to reduce the risk of exposure of corporate data on the mobile device. This may be done, for example, through information technology (IT) policies. An IT policy is a set of rules that dictate the functionality of a device that operates on a network. Accordingly, an IT administrator can use IT policy to ensure that all devices comply with certain rules, and are limited to certain functionality. For instance, the IT administrator can use IT policy to allow the use of certain features on a device, specify certain security settings for the device, specify applications that are allowed to execute on the device, and the like. The IT policy can be sent to the device via a wired or wireless connection depending on the nature of the network and whether or not the device is connected by a wired connection.
IT policy may also be enforced on desktop software running on a workstation computer connected to the same corporate network as the mobile device. For example, when the mobile device is connected to the computer the desktop software may list applications that are currently on the device and any new or updated applications that are available for download to the mobile device. Alternatively the organization may not want to permit the user to add, update, or delete device applications. Typically these policies come from an administrator and are easily applied to computers on the corporate network.
However the rapidly increasing functionality offered on mobile devices encourages corporate mobile devices to be used for both corporate and personal matters. While corporate policy can easily be applied to workstation software on a corporate computer, the corporation typically has no ownership or jurisdiction over the user's home computer any. Indeed, the home computer may be shared with other users such as family members who expect a different user experience than the corporate member.
With desktop software being used both by managed (typically corporate) mobile devices and unmanaged (typically personal) mobile devices, enforcing IT policies can be challenging. In addition, a single mobile device may have both ‘managed corporate’ and an ‘unmanaged personal’ aspects. Thus regulating the functionality of the desktop application on the user's home computer in order to enforcing IT policies may not be possible.
Similarly a workstation may be a “shared use” one which does not require end-users to use distinct credentials to identify themselves to the workstation (and corporate network). That is—the workstation cannot identify the user based on the logged in security principal. This is sometimes used for a shared use computer on a shop floor, for example. With many devices may connected to a workstation may require multiple instances of the desktop application to be run in order to enforce the appropriate IT policy challenging the management or administration of the functionality of desktop applications used by different devices.